Context:
I'm generating an x509 Certificate using APIs in OpenSSL. I first create the X509 structure like this:
X509 *x509 = X509_new(); // Assume no errors
What I'm trying to do:
Now I want to add an extension to this Certificate. Specifically, I want to set the "Extended Key Usage" extension to the value serverAuth,clientAuth. To do this, I am attempting to use the OpenSSL function X509_add1_ext_i2d(), which has the following signature:
X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags)
I'm calling that function passing a C-String for value, which I assume is not correct. Here's the call I'm making:
X509_add1_ext_i2d(x509, NID_ext_key_usage, "serverAuth,clientAuth", 0, 0)
What's Happening:
I'm getting an EXC_BAD_ACCESS (code=EXC_i386_GPFLT) exception when that line of code runs. I'm assuming that's because the value I pass in has to be some sort of special thing (an octet string? Some sort of other OpenSSL value?)
What I Need:
What do I need to pass for the value parameter in order to correctly set that extension to the string value serverAuth,clientAuth? Or, alternately, why am I getting the listed exception? Note: If I remove this line and attempt to generate a certificate without extensions (with other properties such as Name, expiration date, etc. that I have excluded here for brevity) it works just fine.
I have spent an entire day poring over OpenSSL's (ridiculously poor) documentation and Googling. Everything I can find discusses how to add extensions to certificates from the command line rather than in code. I cannot track down what the hell this function expects to see in the value parameter.